Informational scan, not a security audit. How this is computed.
API keys, passwords or tokens committed into the repo.
Nothing found by this check. ✓
Packages you depend on that have known security holes (CVEs).
CVE-2024-12224 Improper Validation of Unsafe Equivalence in punycode by the idna crat ...
CVE-2025-4432 A flaw was found in Rust's Ring package. A panic may be triggered when ...
CVE-2026-33055 tar-rs is a tar archive reading/writing library for Rust. Versions 0.4 ...
CVE-2026-33056 tar-rs: tar-rs: Arbitrary directory permission modification via crafted tar archive
GHSA-8qv2-5vq6-g2g7 webpki: CPU denial of service in certificate path building
GHSA-g98v-hv3f-hcfr atty potential unaligned read
GHSA-cq8v-f236-94qc Rand is unsound with a custom logger using rand::rng()
Your dependencies cross-checked against the OSV vulnerability database.
GHSA-r8w9-5wcg-vfj7 Mio's tokens for named pipes may be delivered after deregistration
GHSA-8qv2-5vq6-g2g7 webpki: CPU denial of service in certificate path building
GHSA-g98v-hv3f-hcfr atty potential unaligned read
GHSA-cq8v-f236-94qc Rand is unsound with a custom logger using rand::rng()
RUSTSEC-2025-0056 adler crate is unmaintained, use adler2 instead
RUSTSEC-2021-0145 Potential unaligned read
RUSTSEC-2024-0375 `atty` is unmaintained
RUSTSEC-2025-0057 fxhash - no longer maintained
RUSTSEC-2024-0421 `idna` accepts Punycode labels that do not produce any non-ASCII when decoded
GHSA-h97m-ww89-6jmq `idna` accepts Punycode labels that do not produce any non-ASCII when decoded
RUSTSEC-2024-0384 `instant` is unmaintained
RUSTSEC-2024-0019 Tokens for named pipes may be delivered after deregistration
RUSTSEC-2026-0097 Rand is unsound with a custom logger using `rand::rng()`
RUSTSEC-2025-0009 Some AES functions may panic when overflow checking is enabled.
RUSTSEC-2025-0010 Versions of *ring* prior to 0.17 are unmaintained.
GHSA-4p46-pwfr-66x6 Some AES functions may panic when overflow checking is enabled in ring
RUSTSEC-2024-0336 `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input
RUSTSEC-2025-0059 servo-fontconfig crate is unmaintained
RUSTSEC-2026-0067 `unpack_in` can chmod arbitrary directories by following symlinks
RUSTSEC-2026-0068 tar-rs incorrectly ignores PAX size headers if header size is nonzero
GHSA-gchp-q4r4-x4ff tar-rs incorrectly ignores PAX size headers if header size is nonzero
GHSA-j4xf-2g29-59ph tar-rs `unpack_in` can chmod arbitrary directories by following symlinks
RUSTSEC-2023-0052 webpki: CPU denial of service in certificate path building
Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
Nothing found by this check. ✓
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
scorecard-overall OpenSSF Scorecard overall: 2.7/10
scorecard-CI-Tests CI-Tests scored 0: 0 out of 12 merged PRs checked by a CI test -- score normalized to 0
scorecard-CII-Best-Practices CII-Best-Practices scored 0: no effort to earn an OpenSSF best practices badge detected
scorecard-Dependency-Update-Tool Dependency-Update-Tool scored 0: no update tool detected
scorecard-Fuzzing Fuzzing scored 0: project is not fuzzed
scorecard-Maintained Maintained scored 0: 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
scorecard-Pinned-Dependencies Pinned-Dependencies scored 0: dependency not pinned by hash detected -- score normalized to 0
scorecard-SAST SAST scored 0: SAST tool is not run on all commits -- score normalized to 0
scorecard-Security-Policy Security-Policy scored 0: security policy file not detected
scorecard-Signed-Releases Signed-Releases scored 0: Project has not signed or included provenance with any releases.
scorecard-Token-Permissions Token-Permissions scored 0: detected GitHub workflow tokens with excessive permissions
scorecard-Vulnerabilities Vulnerabilities scored 0: 15 existing vulnerabilities detected